Revision [29485]

Last edited on 2013-11-08 11:34:33 by darkcity
Additions:
~[[http://puppylinux.dreamhosters.com/Multiple-Users/Nathan-article_multi-user-support.html Multi user support in Puppy]] - Comment by [[NathanF]]
Deletions:
~[[http://web.archive.org/web/20080604034010/grafpup.org/news/?page_id=243 Multi user support in Puppy and Grafpup Linux - my thoughts]]


Revision [29484]

Edited on 2013-11-08 11:31:11 by darkcity
Additions:
~Some Puppy versions also come with ##spot## and/or ##fido## accounts that don't have root privileges. ##spot## can be used to run browser and other networking software to add an extra level of security. ##fido## is a non-root account.
Deletions:
~Some Puppy versions also come with ##spot## and/or ##fido## accounts that don't have root privileges. They can be used to run browser and other networking software to add an extra level of security.


Revision [29483]

Edited on 2013-11-08 11:29:42 by darkcity [links expand]
Additions:
==spot==
~##spot## is not a normal user, you don't login as user spot. Instead, you bootup in the normal way as the root user, but you can choose to run some Internet applications as the restricted user spot.
~This means that you have unfettered access to your local system, all the benefits of root, no hassles with file/directory ownerships and permissions, no restrictions on access to all hardware.
~However, networking software such as [[Seamonkey]] (browser, Composer, mail&news, IRC-chat suite) can be run as spot.
~The home directory for spot is ##/root/spot## and Seamonkey will only be able to (normally) edit/create/write files inside /root/spot.
~With spot, you have the best of both worlds. Freedom in your local system, a restricted user for Internet access.
~Note, Puppy offers only [[Didiwiki]] personal blog running as spot and [[Seamonkey]] optionally running as spot -- you can choose your level of web-browsing danger, via the Login and Security Manager in the System menu.
==fido==
~##fido## is a full non-root login account, similar to other Linux distros. However, it's home directory is ##/root## (which may indeed seem peculiar, but there is a reason for it). As with other distros, you would use 'su' or 'sudo' to perform administrator activities.
~fido always requires administrator password to perform administrator-level operations.
~fido is offered as an option at the first shutdown of Puppy, when you are creating a save-file for the session. If you opt for fido, at next bootup you will be automatically logged in as fido. Note though, fido is not quite mature, so not yet recommended to be used.
==Fatdog 64==
~FatDog64 features all Internet applications running as spot.
~[[http://puppylinux.com/technical/root.htm About root, spot and fido (puppylinux.com)]]
~[[http://distro.ibiblio.org/fatdog/web/faqs/login.html I'm logged in as root? (fatdog)]]
~[[http://igurublog.wordpress.com/2010/01/16/fear-not-root/ Fear Not Root (IgnorantGuru's Blog)]]
~[[http://web.archive.org/web/20080604034010/grafpup.org/news/?page_id=243 Multi user support in Puppy and Grafpup Linux - my thoughts]]


Revision [29481]

Edited on 2013-11-08 08:34:11 by darkcity [links expand]
Additions:
~[[http://bkhome.org/blog/?viewDetailed=02240 Introducing 'fido' (Barry's blog)]]
~[[http://bkhome.org/blog/?viewDetailed=02241 More on 'fido' (Barry's blog)]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=67885 'Fido' and 'Spot' for Beginners thread]]
Deletions:
~[[http://bkhome.org/blog/?viewDetailed=02240 Introducing 'fido' - Barry's blog]]
~[[http://bkhome.org/blog/?viewDetailed=02241 Fido on Barry's blog]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=67885 'Fido' and 'Spot' for Beginners]]


Revision [29480]

Edited on 2013-11-08 08:31:43 by darkcity [links expand]
Additions:
~[[http://bkhome.org/blog/?viewDetailed=02240 Introducing 'fido' - Barry's blog]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=71358 Fixing 'fido' thread]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=67885 'Fido' and 'Spot' for Beginners]]


Revision [29478]

Edited on 2013-11-08 08:30:13 by darkcity [links expand]
Additions:
~[[MultiUser]] - Puppy versions set up for more than one user


Revision [29471]

Edited on 2013-11-08 08:19:29 by darkcity [links expand]
Additions:
{{include tonguesSpot}}
====Root, Spot and Fido user accounts====
~Puppy Linux typically is a single user OS. The single user is run as the ##root## account with full [[privileges]]. This is equivalent to being the administrator in Windows. That is there is no file a user can't modify (unless its read only) and no command that is prohibited.
---
~It has been argued that running as root is not significantly less secure that running with other user accounts with less privileges.
---
~Some Puppy versions also come with ##spot## and/or ##fido## accounts that don't have root privileges. They can be used to run browser and other networking software to add an extra level of security.
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=50488 How to use Spot restricted user thread]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=78122 Security in Puppy Linux: running as Root thread]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 Running as Root - tallboy's post]]
Deletions:
{{include tonguesSecurity}}
====Security====
~Security includes protection from data loss, data theft and data corruption.
==List of Precaustion==
- Adobe Flash Player: either remove it or use the [[libflashplayer latest available version]]
- //never// open e-mail attachments from strangers; delete them instead
- re-new the default system password using the [[passwd]] utility
- use an operating system with a recent Linux kernel version: %%uname -a%%
- use the latest available versions of: [[gnupg]], [[libgcrypt]], [[openssl]]
- activate the software firewall ([[http://www.murga-linux.com/puppy/viewtopic.php?t=66966 discussion]]): //Menu > Setup > Linux-Firewall Wizard//
- use the latest available versions of file-system tools: [[bzip2]], [[dosfstools]], [[e2fsprogs]], [[grep]], [[gzip]], [[ntfs3g]], [[tar]], [[xz]]
- use [[encryption]]
- SecureErase
- always have a minimum of three identical versions of valuable or important files on physically //separate// media
- disable ""JavaScript"" within the Web browser (with a subsequent loss in Web-page functionality)
- perform virus detection: ClamAV
==Further Reading==
~http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
~https://github.com/freedomofpress/securedrop
~[[http://www.osnews.com/story/21901/Adobe_s_Flash_Flawed_Time_to_Do_Without_/ Potential Flash point]]
~http://www.builderau.com.au/program/linux
~[[http://www.murga-linux.com/puppy/index.php?f=47 Security forum thread]]
~[[http://www.seifried.org/security/index.php/Linux_Security Linux Security]]
~[[http://csrc.nist.gov/publications/history/ Security History]]
~[[http://tldp.org/HOWTO/Security-Quickstart-HOWTO/ Linux security Howto]]
~[[http://www.sans.org/top20/top10.php 10 tips]]
~[[http://www.heise.de/tp/r4/artikel/5/5263/1.html NSA in Windows]]
~[[http://www.sans.org/top-cyber-security-risks/ Top Cyber Security Risks]]
~[[http://www.lonerunners.net/blog/archives/722-My-Top-10-Security-Live-CD.html Live Linux CD for security]]
~[[http://www.makeuseof.com/tag/how-to-password-protect-grub-entries-linux/ Password protect GRUB]]
~[[http://group51.org group51.org]]
~[[http://sectools.org/index.html]]
~http://www.virustotal.com/
~http://www.cryptoheaven.com/
~http://epic.org/privacy/tools.html
~http://news.cnet.com/8301-13880_3-20010350-68.html?tag=mncol;mlt_related
~[[http://murga-linux.com/puppy/viewtopic.php?t=41146 forum topic]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?p=405903 forum topic]]

==Appendix==
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. **Puppy Linux** is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'. [[http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx Source]]
==Security set-up for Puppy 2.16==
1 Open console type 'passwd'. enter your new password twice.
2 Run 'lock' on desktop and enter password from step 1
*you may want to select 'blank' from the config to save on processor usage
3 edit /etc/inittab to look like this:
%%::sysinit:/etc/rc.d/rc.sysinit
tty1::respawn:/sbin/getty 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
::ctrlaltdel:/sbin/reboot%%
*this keeps someone from killing lock with ctrl+alt+backspace and logging back in automatically and also gives the option on bootup to enter 'root' and 'password'.
==Create Password==
Boot Puppy
ctrl+alt+F2 (because my eyes are going and this is easier to read than in a console)
"
puppypc login :root
Password : well known and published password
#passwd
Changing password for root
New password : a new and unpublished password
Retype password : a new and unpublished password
Password for root changed by root
"
ctrl+alt+F3 (back to GUI)(F4 for some puppies)
Open terminal and type: passwd
Create a user to run applications.
Open terminal and type: cd / && mkdir home
Think of your new user name and then type in console: cd /home && mkdir ""YourNickHere""
Now copy these files to /home/""YourNickHere""
.bashrc, .fonts.cache-1, .gtkrc-2.0, .gtkrc.mine, .Xdefaults, .Xresources
Open terminal and type: adduser ""YourNickHere""
Run applications as ""YourNickHere"" by typing su -c application ""YourNickHere""
example: su -c gaim ""YourNickHere""
Make applications run as ""YourNickHere"" by default:
Edit application launchers to resemble this, su -c application ""YourNickHere""
Puppy has a personal wiki called ""DidiWiki"", with its own inbuilt HTTP server, so is accessed from a web browser, either locally or over a network/Internet. What we do in this case is run ""DidiWiki"" as user "spot". We can run an individual server application as a restricted non-root user, even though you yourself are still logged in as root.
~[[Spot]] - Spot and Fido accounts don't have root privileges
~[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 Running as Root - tallboy perspective]]
CategoryIndex


Revision [29469]

The oldest known version of this page was created on 2013-11-08 08:03:13 by darkcity [links expand]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki